Defend for MCP from TrojAI lets enterprises secure agentic AI workflows and MCP deployments at scale

Lee Weiner, CEO of TrojAI

Saint John NB-based TrojAI, which makes a comprehensive platform for securing AI, has announced the launch of TrojAI Defend for MCP, their new AI runtime defense solution for agentic AI workflows. Model Context Protocol (MCP) is an open protocol that enables AI agents to connect with external data, tools, and services in a standardized way. This, in turn, spurs AI innovation at a rapid pace. TrojAI Defend for MCP was built to monitor traffic to and from MCP servers, providing unified visibility, policy analysis, and runtime enforcement across agents and MCP gateways.

“What our founders saw is that enterprises will adopt AI in a major way,” said Lee Weiner, CEO of TrojAI. “Defend for MCP is an evolution of what we have always been doing. MCP is an agentic architecture that makes it easy for developers to build applications that integrate with models. It’s a way to standardize, simplify and democratize.”

TrojAI’s market is primarily large enterprises.

“It is larger companies for sure,” Weiner said. “It is primarily in areas like financial services and technology. That’s because a lot of the development in assessing risk is happening in larger businesses, and SMBs don’t have the talent to do that kind of work.”

Weiner explained the nature of the problem that the use of MCP servers brought with it as well as its positives, emphasizing the importance of understanding how AI models and applications work to protect against unwanted and malicious activities.

“Traditional cybersecurity approaches focus on systems, software, and files, whereas AI-related risks involve model interactions and behaviors,” he stated. Weiner cited potential risks such as inappropriate content, data leaks, and manipulation through prompts.

Weiner explained that MCP is an agentic architecture and set of standards that simplifies building applications that interface with models and other agents. He noted that MCP is becoming increasingly popular in enterprises for developing AI agents, but highlighted the associated risks, particularly around server governance and access controls. He emphasized that their solution provides visibility and protection for MCP servers, helping customers manage these risks as they adopt the technology, using frameworks from NIST, OWASP, MITRE ATLAS, and CSA that help security leaders understand this new threat landscape.

“If you think about the way AI models work, it’s much more of a linguistic approach,” Weiner noted. “So this really isn’t that common. This is more about interactions and behavior that can create risk, like leaking some sensitive data. While some companies are working on Multi-Cloud Placement, many have not focused on security, governance, and control aspects, which is where they are concentrated.”

Part of the reason for this is that while MCP has only been around for a short time, it has gained traction quickly due to its enabling capabilities, with more emphasis on application and agent development rather than security. Weiner highlighted the growing concern in enterprises about deploying MCP without proper protection and risk management, drawing parallels to other technological innovations that require careful risk management.

“There is a lack of focus on security and control aspects in the field of AI because it is a rapidly evolving area where innovation often outpaces management capabilities,” he said. Unauthorized MCP servers and agents can emerge outside approved governance, while unvetted tools may execute malicious code or exfiltrate sensitive data. Tool definitions themselves can drift, be tampered with, or poisoned, leading to altered instructions and hidden payloads. Traditional security controls like firewalls and DLP lack visibility into MCP runtime behavior, leaving blind spots for prompt injection and policy enforcement. Organizations must now monitor for data leakage, privilege escalation, cross-agent manipulation, and compliance breaches within this new runtime layer.

“The adoption of MCP is increasing, and customers are demanding visibility into risks and control over their environments,” Weiner said. “We provide visibility into the tools they can access, and protect them as well. Customers want to be able to control the use of MCP servers, which are also new. Anthropic introduced them only early this year. So there has not been a lot of focus on security and control. But there is concern over deploying this technology and this needs to be managed.”

This is where TrojAI Defend for MCP comes in.

“Enterprises are innovating with AI at a rapid pace and moving toward sophisticated agentic AI workflows,” Weiner stated. “The rise of MCP is accelerating that adoption. Unfortunately, security often lags behind AI. With TrojAI Defend for MCP, we are enabling the adoption of agents using MCP by ensuring these advanced workflows are secure. By monitoring agentic workflows in real time in production systems, TrojAI Defend for MCP helps customers not just keep pace with new and evolving threats but get ahead of them.”

Weiner explained that MCP and agents enable standardized interfaces with AI systems, leading to a significant increase in their use. The focus is on providing visibility into MCP servers, ensuring their activity is approved, authorized, governed, and controlled. He emphasized the difference between traditional chatbots and MCP, highlighting the simplicity of spinning up servers to access third-party AI systems.

“There is a need to control, secure, and understand the risks associated with this innovation,” Weiner said. “The innovation is amazing, but if it’s not governed it’s a threat, and enterprises understand that.”

Weiner said that while traditional security controls like firewalls and DLP lack visibility into MCP runtime behavior, TrojAI Defend for MCP is very different.

“We were purpose built to analyze Generative AI in a very deep way,” he commented. “We can deconstruct payloads and build that into our project. We are squarely focused on this problem, and can detect the threats actively so they can be blocked or controlled. Defend analyzes Generative AI traffic, and what we are doing here is extending that whole enhancement for the MCP protocol specifically.”

TrojAI Defend’s extension to support MCP servers and tools goes beyond what the product has traditionally done in analyzing prompts to and from AI models for sensitive information and inappropriate content, and the new extension will allow it to find unapproved or compromised MCP servers and tools in the environment.

Its features include an MCP Server Registry and Tool Approval that will discover all MCP servers in an organization’s environment and register approved servers to eliminate “shadow” MCP instances. It also provides full MCP Traffic Visibility, which will monitor all MCP traffic, including prompts and responses, to and from each server, and block connections to unregistered or rogue servers, eliminating hidden communication paths. Tool Change Detection and Prevention continuously tracks changes in tool definitions to prevent tampering, drift, or poisoning, and automatically alerts or blocks when unapproved tools appear or when new MCP server traffic flows through proxies or gateways outside approved paths. Finally, an MCP Policy Engine applies MCP-specific policies that inspect, audit, and enforce security in real time. These policies strengthen governance by ensuring that all agent interactions comply with enterprise data handling rules, and also provide a detailed audit trail for compliance and incident response.
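As an added illustration of the registry and tool-change-detection idea described above (this is not TrojAI's code; the server identifier, tool names and registry format are constructed for the example), the check below pins a fingerprint of each approved tool definition from an MCP `tools/list` result and flags servers that are unregistered and tools that were added, removed or altered since approval.

```python
import hashlib
import json


def tool_fingerprint(tool: dict) -> str:
    """Hash the parts of a tool definition an agent acts on (name, description,
    inputSchema), canonicalised so key order cannot change the digest."""
    canonical = json.dumps(
        {k: tool.get(k) for k in ("name", "description", "inputSchema")},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def baseline_from_listing(listing: dict) -> dict:
    """Pin every tool in a tools/list result: tool name -> fingerprint."""
    return {t["name"]: tool_fingerprint(t) for t in listing["tools"]}


def check_listing(server: str, listing: dict, registry: dict) -> list:
    """Compare a fresh tools/list result against the approved registry.
    Returns (finding, detail) tuples; an empty list means nothing drifted."""
    if server not in registry:
        return [("unregistered_server", server)]
    pinned, current = registry[server], baseline_from_listing(listing)
    findings = []
    for name in sorted(set(pinned) | set(current)):
        if name not in current:
            findings.append(("tool_removed", name))
        elif name not in pinned:
            findings.append(("tool_added", name))
        elif pinned[name] != current[name]:
            findings.append(("tool_changed", name))
    return findings


# Constructed sample: the listing captured when the server was approved ...
APPROVED_LISTING = {"tools": [
    {"name": "get_balance", "description": "Return the balance of an account.",
     "inputSchema": {"type": "object",
                     "properties": {"account": {"type": "string"}},
                     "required": ["account"]}},
]}
REGISTRY = {"mcp://finance.internal.example": baseline_from_listing(APPROVED_LISTING)}

# ... and a later listing from the same server in which the description has
# drifted and an unapproved tool has appeared (also constructed).
LATER_LISTING = {"tools": [
    {"name": "get_balance",
     "description": "Return the balance and full transaction history of an account.",
     "inputSchema": APPROVED_LISTING["tools"][0]["inputSchema"]},
    {"name": "export_ledger", "description": "Export the full ledger.",
     "inputSchema": {"type": "object", "properties": {}}},
]}

if __name__ == "__main__":
    print(check_listing("mcp://finance.internal.example", LATER_LISTING, REGISTRY))
    print(check_listing("mcp://unknown.example", LATER_LISTING, REGISTRY))
```

A gateway would run the same comparison on every `tools/list` response before the definitions reach an agent, so a changed or added tool is blocked or alerted on rather than silently trusted.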

“We see these enterprises looking to trusted partners to move forward,” Weiner stated. “Partners can secure MCP as they roll out. It’s something that is innovative and unique, and which gives them the ability to provide subject matter expertise as well as the ability to offer value-added services, in order to drive appropriate use of MCP.”

Mark and Lee discussed the impact of the technology on partners and the channel opportunity. Lee emphasized that enterprises rely on trusted partners for guidance on implementing MCP, and now partners can help their customers secure MCP with innovative solutions. They also highlighted the opportunity for partners to provide subject matter expertise on GenAI and MCP, offering value-added services to their customers.

TrojAI is headquartered in New Brunswick, with engineering offices in both St. John and Fredericton.